On 06/09/16 09:33, Linus Nordberg wrote:
Fabian Mauchle fabian.mauchle@switch.ch wrote Tue, 6 Sep 2016 08:47:19 +0200:
The questions now are 1) does the proposed patch work for you
At least id does NOT compile without OpenSSL 1.1 - which is probably to be expected.
Yes.
- how little backwards compatibility can we get away with?
If you're a radsecproxy user, what version(s) of OpenSSL do you really need support for?
Currently running on RHEL 7.2, OpenSSL 1.0.1e
That seems terribly old -- the 1.0.1 series is at 1.0.1t. Any chance it has a bunch of backports and actually is more close to 1.0.1t?
At least it does include all security fixes from 1.0.1t. As for other bugfixes or features I don't know.
Would it be possible to get 1.0.2 onto an RHEL 7.2 system and use that instead?
I'll have to check with our systems department.